In daily life, information security of individuals, enterprises, and other objects is often ensured by setting passwords. For example, power-on passwords are set for devices such as personal computers (PC) and smart phones, and login passwords are set for accounts such as an online bank account and a social network account. After a password is set, password authentication needs to be performed before any user uses a related device or logs on to a website by using a related account. When information input by the user matches the preset password, a permission to use the related device or to log on to the website using the related account may be granted.
A conventional password authentication method includes acquiring an authentication password input by a user and comparing the input authentication password with a preset password. If the number of characters in the authentication password is the same as the number of characters in the preset password, and character values in the authentication password are the same as those at the same positions in the preset password, it may be determined that the input authentication password is the same as the preset password, and that the password authentication is successful.
Since the conventional password authentication method is based on the number of characters and character values, the preset password can be cracked by means of exhaustion. For example, a number of character strings of different lengths with different characters may be generated through a manual operation or by a corresponding automatic program and be used as authentication passwords for password authentication. As a result, a character string that successfully passes the authentication may be identified as the preset password.